Monthly archives for December, 2016

Security experts predict that Mirai is far from the end of social media disruption due to botnets.

Social media networks and their prolific use will prompt a plague of botnets in 2017, security researchers have warned.

Botnets are networks of compromised devices, such as connected home gadgets, PCs, and mobile devices, which have been infected with malware specifically designed to enslave such products.

The botnet is run by an operator who uses a command and control (C&C) center to send commands to these devices. One such command is to flood a web domain with traffic, in what is known as a distributed denial-of-service (DDoS) attack, which can severely disrupt online services.

These botnets can cost hosting companies a fortune to combat. For example, in September prominent security blog Krebs on Security was the target of a 620Gbps DDoS attack made possible through the Mirai botnet, a network which enslaved millions of vulnerable IoT products.

The hosting provider, which offered to host the domain without a fee, was forced to withdraw its services due to the sheer cost of the ongoing attack.

As we come into 2017, botnets capable of causing such damage are likely to become a bigger challenge to control, according to Mike Raggo, chief research scientist at social media security firm ZeroFOX.

The security expert predicts that in the next year, a “massive” botnet will target and disrupt popular social media platforms, potentially including Twitter, Facebook, and LinkedIn.

Raggo believes that in 2017 there will be a significant uptick in social media botnets which aim not only to disrupt but also to earn money for their operators. Botnets-for-hire, such as Lizard Squad’s LizardStresser tool, are already well established. However, botnet operators are now leveraging social media to increase the strength of these slave-and-command systems, such as in the case of Linux/Moose, which targets Linux-based routers in order to command enslaved devices to commit fraudulent actions (such as spreading the botnet’s malware further) on social media networks.

“[The] code has also been disseminated to the wild, so I fully expect to see more variants and more frequent attacks in 2017,” Raggo says.

As social networks such as Twitter, Instagram, Facebook, and LinkedIn continue to increase in popularity, so do threats against them — and these range beyond botnets to phishing scams, social engineering, and the spread of malware. According to the executive, Facebook, Instagram, and LinkedIn will also become the top social media targets for hackers in 2017.

In particular, the enterprise should be concerned about LinkedIn.

LinkedIn is a platform for connecting professionals, and ZeroFOX has witnessed a surge in fake accounts which pretend to be recruiters in order to scam people, ranging from those seeking roles in business to those in information security.

It is likely that the operators behind these scams, which often update and change their job roles and skills to impersonate different sector recruiters, are performing reconnaissance “with the intent of profiling individuals and their companies,” according to Raggo.

Twitter, Facebook, and Instagram can also be used as platforms to share malware which infects vulnerable systems and can transform a PC, whether it belongs to a corporation or to an average user, into a slave node in a botnet. Meanwhile, schemes to dupe users into downloading malicious code or clicking a fraudulent link continue to become more sophisticated.

ZeroFOX has uncovered traps for unwitting users on social media platforms which come out of the most unexpected places. Simple, innocuous tweets and general Facebook status updates can act as a springboard for social engineering, and this information, spread in public forums, has become a stealthy attack vector to infect and enslave systems.

As an example, someone posting that “the men’s bathroom is out of order and a repairman will be by this afternoon” could be used by social engineers to break the physical security of a target company and infiltrate it if an attacker decided to pose as the repairman.

“With the plethora of information posted constantly to social media — an adversary can target an organization and understand the who, what, where, when, and how; and use this against the company,” Raggo said.

This is not the only danger. Impostors can also use connections forged on social media to establish trusting relationships. When you trust a contact, you are potentially more likely to accept and to click on links sent directly through malicious messages or emails.

Botnets are a problem of scale, and while the average user or company can do little to prevent their creation or growth, every little bit helps. Not only does keeping your devices patched and up-to-date prevent your systems being compromised, but for each device kept secured against vulnerabilities, there is one less out there to disrupt the online services we use daily.

New Relic’s app monitoring services grow with expanded event histories, geographic analytics, and support for MongoDB

New Relic released new features for its enterprise application monitoring tools yesterday that make deriving insights from application behaviors more like a business analytics system.

With New Relic’s Software Analytics Cloud, behavioral data could be harvested from apps, then stored and processed for reporting from a cloud-based service. Reports could also be generated by way of NRQL, a SQL-like query language. But New Relic is expanding its arsenal by emulating conventional business analytics suites and adding app-development spin.

Take geographic data, for instance. Data harvested from apps can be collated and explored by geolocation — “country, state, city, or ZIP code,” according to New Relic — so that specific behaviors of the analyzed program can be improved depending on regional behaviors. (Example: Would it help to reorganize the UI for regions where right-to-left text is the standard?)

There’s also a visual explorer that drills into data without needing to know any query language. It’s similar to the functionality of other BI tools: Tableau has its own interactive data visualization system; contender Qlik offers a similar drag-and-drop data explorer; and Salesforce has its Lightning UI.

Other changes keep New Relic current with recent trends, such as support for MongoDB and new APIs intended to be used by devops teams.

New Relic wants to offer features that can’t be matched either by the commercial competition or by open source solutions in terms of speed and scale. Now the company is trying to add the ease-of-discovery and quickest-path-to-insight options found in more conventional line-of-business BI tools, as apps become a major monetization method for businesses.

That said, New Relic is also keeping an eye on further monetizing the service. By default, customers can peruse up to eight days of data from a given application’s history, instead of only one. If a customer needs a longer history, that’s a cost-plus item.

New incarnation of Netuitive SI monitors virtual infrastructures and drills down into apps

Netuitive plans to detail on Monday the latest version of its Netuitive SI, which can now operate in VMware infrastructures.

“We’ve fully integrated all our virtualization monitoring into our core SI product, and we’ve added support for clusters and the datastore,” said Daniel Heimlich, a vice president at Netuitive.

The new support for clusters enables users to monitor and analyze them as a single entity and brings failover and load-balancing. The SI product, he added, “self-learns the behavior of all infrastructure resources.”

The sum of the enhancements enables what the company refers to as a Total Health Index, or a snapshot of the health of a virtual infrastructure. From there, Heimlich explains, companies can drill down into virtual machines and get application data from out-of-the-box tools, such as Tivoli, Microsoft’s Operations Manager, HP OpenView, and BMC Patrol.

“We show a correlated composite view of the infrastructure,” Heimlich said.

Netuitive’s approach appeals to IT shops because most of those tools Netuitive works with were built for distributed computing, not virtual architectures, according to David Williams, research vice president at Gartner.

“It’s about optimizing your current infrastructure,” Williams said. “Netuitive gives an overview and visibility into data IT might then use to reprovision.”

Williams added, however, that customers have to be mature enough, from an infrastructure perspective, to manage in such a holistic manner. That said, Netuitive SI might be a natural fit for companies with cloud or service-oriented infrastructures because they already think this way, while more traditional infrastructures would require an adjustment to make the most of the tool.

Customer Review

We are now using your monitoring software, OsMonitor. It is great software; we are able to block non-business websites and monitor the activities of our users, the websites visited and even snapshots. The majority of our needs are provided by your software.